Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help removing FBI Ransomware virus [Solved]

Started by Stargeneral , Jun 18 2014 08:39 AM

  • This topic is locked This topic is locked

#31
Biscuithd
Posted 21 June 2014 - 06:26 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I appreciate your patience in this matter.

 

You are quite welcome!! Heck, anyone can do the easy machines, I get excited about working on the difficult ones :)

 

Several of us have put our heads together and here's where I think we are. You have two drives in the machine, Infected and Slave. What we need to determine next, is when you boot from the Slave, is that displaying as D: or C:? Let's assume that it is, in that case, I need you to run a Check Disk on D: instead. In other words it looks like all our scans are working on the Slave and not the Infected. So, this time run Check Disk on D: like this.

 

run chkdsk d: /r

 

Then tell me how it goes? Does the Infected Disk boot and if so, can you run aswMBR on the Infected drive?


  • 0

Advertisements

#32
Stargeneral
Posted 23 June 2014 - 11:57 AM

Stargeneral

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Sorry was busy yesterday and did not see your post. Slave is showing up as c: and cd-rom is showing as d:


  • 0

#33
Biscuithd
Posted 23 June 2014 - 12:04 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Can you run chkdsk with the drive specification set to the Infected drive and then see if it will boot so that we can get a scan of the Infected drive.


  • 0

#34
Stargeneral
Posted 23 June 2014 - 12:05 PM

Stargeneral

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

The last chkdsk was run on e: as that is the way the infected drive is showing up. command was chkdsk e:/r


  • 0

#35
Biscuithd
Posted 23 June 2014 - 12:07 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

That makes sense. Did it run and what were the results? Did it cause the drive to boot?


  • 0

#36
Stargeneral
Posted 23 June 2014 - 12:11 PM

Stargeneral

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Can't find the results but infected drive would not boot afterwards to where i could even see my desktop. Virus lock screen came up. Will run chkdsk again if you want.


  • 0

#37
Biscuithd
Posted 23 June 2014 - 12:43 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

No, don't run chkdsk as it will not help.

 

Here's what I think is happening. If we boot from the Slave, FRST scans the Slave regardless of which disk it sits on.

 

If you boot from the USB and run FRST, it has the Infected Drive and the Slave drive to choose from and seems to again, pick the Slave.

 

We need to force FRST to scan the Infected drive and the only way I think that might happen is to remove the Slave from the equation. So, would it be possible for you to disconnect the Slave from the system, then boot from the USB drive you made with FRST on it and scan with FRST and hopefully it will scan the Infected drive. I can then analyze the resulting log and provide a fix.


  • 0

#38
Stargeneral
Posted 23 June 2014 - 12:47 PM

Stargeneral

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Ok be back when i get through


  • 0

#39
Stargeneral
Posted 23 June 2014 - 01:07 PM

Stargeneral

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

No slave attached on this one.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by SYSTEM on REATOGO on 24-06-2014 02:56:01
Running from D:\hitmanpro
Platform: Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2561560 2014-05-09] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [GameDrive] => C:\Program Files\FarStone\GameDrive\gdtask.exe [94208 2003-07-06] (FarStone Technology Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [98304 2006-01-03] (Apple Computer, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\Default User\...\Run: [DellSupport] => C:\Program Files\Dell Support\DSAgnt.exe [332800 2005-05-15] (Gteko Ltd.)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [104960 2008-02-22] (ArcSoft Inc.)
S2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [1135728 2004-04-07] (America Online, Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-06-17] (SurfRight B.V.)
S2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [154032 2013-01-15] (Sun Microsystems, Inc.)
S2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-02-25] (Lexmark International, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe [227232 2010-09-03] (McAfee, Inc.)
S2 MyWebSearchService; C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE [28739 2008-06-13] (MyWebSearch.com)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [143360 2003-12-17] (Intel® Corporation)
S4 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 vToolbarUpdater18.1.5; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-09] (AVG Secure Search)
S2 AfaService; C:\WINDOWS\system32\afasrv32.exe [X]

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S2 ASCTRM; C:\Windows\System32\Drivers\ASCTRM.sys [8552 2006-01-03] (Windows ® 2000 DDK provider)
S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [122136 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [198936 2014-05-13] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192280 2014-05-13] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107288 2014-05-13] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42784 2014-05-09] (AVG Technologies)
S2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40480 2004-11-23] (Sonic Solutions)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [7936 2014-04-13] (FNet Co., Ltd.)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] ()
S1 gdxwdm; C:\Windows\System32\DRIVERS\GDXWDM.sys [59977 2003-06-12] (FarStone Inc.)
S3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1233525 2004-03-06] (Intel Corporation)
S3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [647929 2004-03-06] (Intel Corporation)
S3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [61157 2004-06-16] (Intel Corporation)
S3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [37048 2004-03-06] (Intel Corporation)
S1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
S1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25883 2004-12-06] (Sonic Solutions)
S2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-12-06] (Sonic Solutions)
S2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-12-06] (Sonic Solutions)
S2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-12-06] (Sonic Solutions)
S2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86586 2004-12-06] (Sonic Solutions)
S2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [15227 2004-12-06] (Sonic Solutions)
S2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-12-06] (Sonic Solutions)
S2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-12-06] (Sonic Solutions)
S2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-12-06] (Sonic Solutions)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 bvrp_pci; No ImagePath
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-21 07:58 - 2014-06-21 12:37 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-20 14:52 - 2014-06-20 14:52 - 00000000 __SHD () C:\found.001
2014-06-18 16:11 - 2014-06-19 21:18 - 00000000 ____D () C:\frst
2014-06-17 22:27 - 2014-06-17 22:27 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-06-17 22:27 - 2014-06-17 22:27 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-17 22:26 - 2014-06-17 22:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-06-04 00:10 - 2014-06-04 00:10 - 00000713 _____ () C:\Documents and Settings\All Users\Desktop\Vega Strike.lnk
2014-06-04 00:03 - 2014-06-04 00:21 - 00000000 ____D () C:\Program Files\Vega Strike
2014-06-03 21:32 - 2014-06-03 21:32 - 00090112 _____ () C:\Windows\Minidump\Mini060314-01.dmp
2014-06-01 15:47 - 2014-06-01 15:47 - 00090112 _____ () C:\Windows\Minidump\Mini060114-02.dmp
2014-06-01 13:50 - 2014-06-01 13:50 - 00090112 _____ () C:\Windows\Minidump\Mini060114-01.dmp

==================== One Month Modified Files and Folders =======

2014-06-21 15:40 - 2006-01-08 13:41 - 00000000 ____D () C:\Documents and Settings\Nancy Langston\Local Settings\Temp
2014-06-21 15:40 - 2004-08-10 15:02 - 01877047 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 15:40 - 2004-08-10 14:51 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-06-21 15:39 - 2010-01-29 10:35 - 00753042 _____ () C:\Windows\setupapi.log
2014-06-21 12:37 - 2014-06-21 07:58 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-06-21 00:03 - 2004-08-10 15:08 - 00032398 _____ () C:\Windows\SchedLgU.Txt
2014-06-20 14:52 - 2014-06-20 14:52 - 00000000 __SHD () C:\found.001
2014-06-19 21:18 - 2014-06-18 16:11 - 00000000 ____D () C:\frst
2014-06-19 10:01 - 2013-03-28 00:00 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-06-19 10:01 - 2006-01-08 13:41 - 00000178 ___SH () C:\Documents and Settings\Nancy Langston\ntuser.ini
2014-06-17 22:27 - 2014-06-17 22:27 - 00001610 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-06-17 22:27 - 2014-06-17 22:27 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-17 22:27 - 2004-08-10 15:02 - 00000000 ____D () C:\Windows\System32\Restore
2014-06-17 22:26 - 2014-06-17 22:26 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-06-05 15:31 - 2012-08-29 19:25 - 00000000 ____D () C:\Documents and Settings\Nancy Langston\Application Data\Free Download Manager
2014-06-04 00:21 - 2014-06-04 00:03 - 00000000 ____D () C:\Program Files\Vega Strike
2014-06-04 00:10 - 2014-06-04 00:10 - 00000713 _____ () C:\Documents and Settings\All Users\Desktop\Vega Strike.lnk
2014-06-04 00:10 - 2012-05-18 20:48 - 00444952 _____ (Creative Labs) C:\Windows\System32\wrap_oal.dll
2014-06-04 00:10 - 2012-05-18 20:48 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2014-06-03 22:30 - 2013-12-31 02:04 - 00000000 ____D () C:\Documents and Settings\Nancy Langston\Desktop\Games
2014-06-03 21:32 - 2014-06-03 21:32 - 00090112 _____ () C:\Windows\Minidump\Mini060314-01.dmp
2014-06-03 21:32 - 2006-11-23 19:48 - 00000000 ____D () C:\Windows\Minidump
2014-06-03 19:36 - 2004-08-10 14:59 - 00000159 ____C () C:\Windows\wiadebug.log
2014-06-03 19:36 - 2004-08-10 14:59 - 00000048 ____C () C:\Windows\wiaservc.log
2014-06-02 21:48 - 2004-08-10 15:01 - 00125780 ____C () C:\Windows\wmsetup.log
2014-06-02 01:47 - 2012-06-27 06:27 - 00000000 ____D () C:\Documents and Settings\Nancy Langston\Application Data\Audacity
2014-06-01 16:07 - 2007-01-26 15:30 - 00097792 _____ () C:\Documents and Settings\Nancy Langston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-01 15:47 - 2014-06-01 15:47 - 00090112 _____ () C:\Windows\Minidump\Mini060114-02.dmp
2014-06-01 13:50 - 2014-06-01 13:50 - 00090112 _____ () C:\Windows\Minidump\Mini060114-01.dmp
2014-05-26 22:12 - 2014-05-23 01:08 - 00001670 _____ () C:\Documents and Settings\All Users\Desktop\NetZero Quick Help.lnk
2014-05-26 22:12 - 2014-05-09 20:56 - 00001589 _____ () C:\Documents and Settings\All Users\Desktop\NetZero Internet.lnk
2014-05-26 22:12 - 2011-10-30 01:13 - 00000000 ____D () C:\Program Files\NetZero

Some content of TEMP:
====================
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\CmdLineExt02.dll
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\dlLogic.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\dltr.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\exec.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\NullsoftHelper.dll
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\Tsu4F4A87A4.dll
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\uires.dll
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\verifier.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{013D9DD8-06B8-401E-B647-C69CC66F1D4C}-35.0.1916.114_chrome_installer.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{0573569C-A58D-4F2B-8011-71B6ECE3C7F3}-35.0.1916.114_34.0.1847.137_chrome_updater.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{38863E87-278A-4E0B-B9FB-02759F537E9D}-35.0.1916.114_chrome_installer.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{56F7B9B9-0BAC-4D1F-8FC9-B2659556E242}-35.0.1916.114_chrome_installer.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{7D98C18B-7439-4618-A8BE-8AE0E3E7EC7B}-35.0.1916.114_chrome_installer.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{92962532-FE87-410D-881C-3BE600D298ED}-35.0.1916.114_chrome_installer.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{946224C8-068C-43D2-BC4F-0EF5B028D71E}-35.0.1916.114_chrome_installer.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{A19306CE-DC2A-4236-A955-E99942A45554}-35.0.1916.114_chrome_installer.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{B1F9B67A-7265-4A32-9850-ED09F5DCD949}-35.0.1916.114_chrome_installer.exe
C:\Documents and Settings\Nancy Langston\Local Settings\Temp\{FEAFA339-D6C6-445B-A7A3-34B8B2D83463}-35.0.1916.114_chrome_installer.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2004-08-10 14:51] - [2012-10-03 00:58] - 0617984 ____A (Microsoft Corporation) 1cf4ff12f6ae7adad82ca4ae55bd8b46

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-06-17 22:27 - 024576 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 1277.98 MB
Available physical RAM: 1036.3 MB
Total Pagefile: 1113.13 MB
Available Pagefile: 1056.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.79 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:34.21 GB) (Free:15.68 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:3.68 GB) (Free:2.63 GB) FAT32
Drive e: () (Removable) (Total:14.83 GB) (Free:13.82 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 37 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=34 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C7EE53AE)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#40
Biscuithd
Posted 23 June 2014 - 04:37 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I need to ask a few questions. I know you said that you see the FBI Ransomeware virus when you boot the Infected drive. Can you be more explicit? I'm trying to nail down exactly which flavor of the virus you have.

 

Like "A"

fbi-ransom-thumb.jpg

 

 

Like "B"

 

fbi-cybercrime-division-ransomware-thmb.

 

Like "C"

 

us-locker-thmb.jpg

 

 

Or something else. And, if it's something else, I need as vivid description as you can get as nothing I see on your Hard Drive looks like an FBI Ransomeware virus.


  • 0

Advertisements

#41
Stargeneral
Posted 23 June 2014 - 05:08 PM

Stargeneral

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

It come up with Your Computer Has Been Blocked in the upper left corner. Then it says United States Department Of Justice as a heading.

Attached Thumbnails

  • 2qsyvjp.jpg_url.jpeg

  • 0

#42
Stargeneral
Posted 23 June 2014 - 05:09 PM

Stargeneral

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Decided to go and find a jpeg of the screen.


  • 0

#43
Biscuithd
Posted 23 June 2014 - 05:09 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Excellent, thank you! Be back when I know more.


  • 0

#44
Biscuithd
Posted 24 June 2014 - 11:36 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Stargeneral,

 

I think we need to try a similar approach, but with a different tool. Can you try this and when you run it, make sure that only the Infected disk is attached. Not the Slave too.

 

If you can't burn a cd, I can find instructions and s/w for a USB so just let me know.

 

  • Download OTLPE from either location and save it to your desktop:

    http://oldtimer.geek...om/OTLPEStd.exe
    http://ottools.noahd...et/OTLPEStd.exe
  • Double click the OTLPENet icon on your desktop
  • "Do you want to burn the CD?" choose Yes
  • ImgBurn will automatically extract and load the OTLPE Iso to be burned to CD
  • Place a blank CD in your CD-Rom
  • Click imgbrn.png to start the burn process
  • You will see a dialog "Operation successfully completed"
  • Boot the non-working computer using the boot CD you just created
  • In order to do so, the computer must be set to boot from the CD first

    Note : For information click here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press "OK"
  • OTL should now start.
  • Push runscanbutton.png
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive.
  • Please post the contents of the C:\OTL.txt file in your next reply.

  • 0

#45
Stargeneral
Posted 24 June 2014 - 12:18 PM

Stargeneral

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Here are the scan result with just the infected drive connected:

 

OTL logfile created on: 6/24/2014 1:55:48 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 80.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.21 Gb Total Space | 15.68 Gb Free Space | 45.83% Space Free | Partition Type: NTFS
Drive D: | 3.68 Gb Total Space | 2.63 Gb Free Space | 71.42% Space Free | Partition Type: FAT32
Drive E: | 14.83 Gb Total Space | 12.96 Gb Free Space | 87.37% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - File not found [Auto] --  -- (AfaService)
SRV - [2014/06/17 22:27:38 | 000,106,248 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2014/05/13 15:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/05/13 15:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/05/09 18:35:32 | 001,801,752 | ---- | M] (AVG Secure Search) [Auto] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe -- (vToolbarUpdater18.1.5)
SRV - [2014/03/15 14:14:31 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 17:19:24 | 000,039,056 | ---- | M] () [Disabled] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled] -- C:\Program Files\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/06/13 23:55:31 | 000,028,739 | ---- | M] (MyWebSearch.com) [Auto] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2008/02/22 12:33:00 | 000,104,960 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (bvrp_pci)
DRV - [2014/05/13 15:19:14 | 000,192,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2014/05/13 15:17:24 | 000,237,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2014/05/13 15:17:22 | 000,210,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/05/13 15:17:22 | 000,122,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2014/05/13 15:17:20 | 000,149,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2014/05/13 15:17:20 | 000,107,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2014/05/13 15:09:12 | 000,198,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2014/05/13 15:04:36 | 000,027,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2014/05/13 15:04:34 | 000,021,272 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2014/05/09 18:35:33 | 000,042,784 | ---- | M] (AVG Technologies) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2014/04/13 17:17:48 | 000,007,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System] -- C:\WINDOWS\system32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2006/11/10 17:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/01/03 15:56:37 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/10/26 13:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/16 05:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 06:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 06:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 06:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/06/12 09:33:00 | 000,059,977 | ---- | M] (FarStone Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\gdxwdm.sys -- (gdxwdm)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Nancy_Langston_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
IE - HKU\Nancy_Langston_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Nancy_Langston_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Nancy_Langston_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\Nancy_Langston_ON_C\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll (NetZero, Inc.)
IE - HKU\Nancy_Langston_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: 
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/08 20:18:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/23 22:50:01 | 000,000,000 | ---D | M]

[2013/03/28 00:07:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nancy Langston\Application Data\Mozilla\Firefox\Profiles\extensions
[2012/06/29 22:28:38 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Documents and Settings\Nancy Langston\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2014/02/08 20:19:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Nancy Langston\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (KangoBHO) - {A88DE8D3-9C38-4F0D-8981-A4C17F7677A1} - C:\Program Files\Notificatoin\1.0.0\KangoBHO.dll (Kango)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (NetZero Toolbar Helper) - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - C:\Program Files\NetZero\UCReg.dll (NetZero, Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.5.514\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O3 - HKU\Nancy_Langston_ON_C\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKU\Nancy_Langston_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\Nancy_Langston_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Nancy_Langston_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Nancy_Langston_ON_C\..\Toolbar\WebBrowser: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GameDrive] C:\Program Files\FarStone\GameDrive\gdtask.exe (FarStone Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Nancy_Langston_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Nancy_Langston_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Free Download Manager\dllink.htm ()
O9 - Extra Button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - Reg Error: Value error. File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1375492197765 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://download.mac...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2014/06/21 07:58:18 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2014/06/20 14:52:30 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/06/18 16:11:02 | 000,000,000 | ---D | C] -- C:\frst
[2014/06/17 22:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/06/17 22:27:22 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/06/17 22:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2014/06/05 14:37:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Report
[2014/06/04 00:10:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vega Strike
[2014/06/04 00:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Vega Strike
[2014/05/12 05:57:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.DLL
[2014/05/12 05:57:03 | 000,273,408 | R--- | C] (Mpath Interactive) -- C:\Program Files\mplaynow.exe
[2014/05/12 05:57:01 | 004,094,464 | ---- | C] (Hothouse Creations) -- C:\Program Files\gangsters.exe
[2013/12/16 22:19:30 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/24 04:12:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/24 04:11:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/06/24 04:11:51 | 1340,133,376 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/21 15:40:22 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/21 15:40:22 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/21 15:40:07 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/21 15:39:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2014/06/20 18:08:53 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{37B74C27-72C0-470F-BC3D-810F55BB4292}.job
[2014/06/17 22:27:36 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/06/17 22:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
[2014/06/05 15:34:32 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/05 15:33:13 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/04 00:10:36 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2014/06/04 00:10:35 | 000,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2014/06/04 00:10:28 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vega Strike.lnk
[2014/06/04 00:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Vega Strike
[2014/06/03 16:04:02 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/02 14:36:18 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3312560122-1070824374-1967851052-1006.job
[2014/06/01 16:07:55 | 000,097,792 | ---- | M] () -- C:\Documents and Settings\Nancy Langston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/26 22:12:30 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NetZero Quick Help.lnk
[2014/05/26 22:12:30 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\NetZero Internet.lnk
[2014/05/26 22:12:30 | 000,001,589 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NetZero Internet.lnk
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/17 22:27:36 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
[2014/06/04 00:10:28 | 000,000,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Vega Strike.lnk
[2014/05/12 05:57:20 | 000,096,256 | ---- | C] () -- C:\Program Files\SMACKW32.DLL
[2014/05/12 05:57:04 | 000,093,696 | ---- | C] () -- C:\Program Files\GameConfiguration.dll
[2014/05/12 05:57:04 | 000,058,880 | ---- | C] () -- C:\Program Files\readme.rtf
[2014/05/12 05:57:04 | 000,010,752 | R--- | C] () -- C:\Program Files\MplayerReadme.wri
[2014/05/12 05:57:04 | 000,000,229 | R--- | C] () -- C:\Program Files\MPLAYNOW.INI
[2014/05/12 05:56:36 | 000,000,018 | ---- | C] () -- C:\Program Files\Security.key
[2014/04/11 17:03:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/04/11 17:03:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/04/11 17:03:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/04/11 17:03:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/04/11 17:03:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/01/14 15:40:58 | 000,238,736 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2013/12/16 23:28:08 | 003,916,288 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2013/12/16 23:27:32 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/12/16 23:27:00 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2013/12/16 23:26:40 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2013/12/16 23:26:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2013/12/16 23:26:40 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2013/12/16 23:26:38 | 001,525,760 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2013/12/16 23:26:38 | 000,211,968 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2013/12/16 23:26:38 | 000,136,704 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2013/12/16 23:26:38 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2013/12/16 22:38:54 | 000,877,296 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/12/16 22:38:52 | 000,242,259 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/12/16 22:15:32 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll
[2013/12/16 22:15:32 | 000,000,236 | ---- | C] () -- C:\WINDOWS\System32\Formats.ini
[2013/12/16 22:15:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\bass_tak.dll
[2013/12/16 21:28:34 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2013/12/16 21:28:26 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2013/12/16 21:28:18 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2013/12/16 21:28:18 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2013/12/16 21:28:18 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2013/12/16 21:27:52 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2013/12/16 21:27:50 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2013/12/16 21:27:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2013/12/16 21:27:16 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2013/12/16 21:27:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2013/12/16 21:27:14 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2013/12/16 21:27:14 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2013/12/16 21:27:10 | 000,142,336 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2013/12/16 21:26:52 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2013/12/16 21:26:46 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\spdif_test.exe
[2013/12/16 21:26:40 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2013/09/02 01:47:30 | 000,026,514 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2013/02/01 00:25:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\csgme96.ini
[2012/11/17 22:37:07 | 000,012,146 | ---- | C] () -- C:\Documents and Settings\Nancy Langston\AVGIDSAgent
[2012/10/15 20:30:21 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Kyor.ini
[2012/09/12 00:35:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FSDataSvr.sys
[2012/09/12 00:35:21 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\dptlcg32.dll
[2012/08/08 20:45:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012/08/08 20:45:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012/08/08 20:45:20 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011/04/11 15:52:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2011/01/16 13:17:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011/01/10 20:34:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/01/10 20:15:12 | 000,000,475 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/09/22 14:29:25 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Nancy Langston\Local Settings\Application Data\fusioncache.dat
[2008/12/09 11:48:33 | 000,539,599 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\phn.dat
[2007/09/14 17:59:18 | 000,130,509 | ---- | C] () -- C:\WINDOWS\HPHins13.dat
[2007/09/14 17:59:18 | 000,002,977 | ---- | C] () -- C:\WINDOWS\hphmdl13.dat
[2007/03/22 16:47:35 | 000,046,344 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2007/01/26 15:30:53 | 000,097,792 | ---- | C] () -- C:\Documents and Settings\Nancy Langston\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/22 21:31:35 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/11/15 21:56:15 | 000,000,933 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2006/11/15 21:48:18 | 000,000,095 | ---- | C] () -- C:\WINDOWS\LTANK.INI
[2006/11/03 13:54:58 | 000,083,968 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006/11/03 13:54:33 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2006/11/03 13:54:32 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2006/01/19 10:26:59 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Nancy Langston\Application Data\PFP120JPR.{PB
[2006/01/19 10:26:59 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Nancy Langston\Application Data\PFP120JCM.{PB
[2006/01/09 14:56:16 | 000,000,430 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/01/08 22:01:26 | 000,005,018 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/08 22:01:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\780B9A934A.sys
[2006/01/08 17:29:14 | 000,003,106 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/01/03 16:14:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/03 16:04:27 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2006/01/03 15:57:24 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/01/03 15:55:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/01/03 15:34:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/01/03 15:34:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/01/03 15:34:18 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 10:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,232,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,407,170 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,063,952 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:10 | 000,578,560 | ---- | C] () -- C:\WINDOWS\System32\user32.ini
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/07/21 17:38:30 | 000,006,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartCdx.sys
[2003/07/08 12:54:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\VDExtend.dll
[2003/07/08 12:54:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\GDExtend.dll
[2003/06/07 10:57:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\fsmesbox.dll
[2003/06/07 10:57:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FsLodLib.dll
[2003/06/07 10:56:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\DxpApp.exe
[2003/02/14 11:56:00 | 000,016,384 | ---- | C] () -- C:\WINDOWS\FSRunCmd.exe
[1997/06/13 22:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2014/03/14 19:52:50 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\AVG2014
[2009/09/12 02:53:43 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\SACore
[2014/03/20 03:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG
[2006/01/09 15:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Netscape
[2009/09/11 20:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2013/12/31 01:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\AstroMenace
[2014/06/02 01:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\Audacity
[2014/03/20 03:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\AVG
[2013/03/28 00:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\AVG SafeGuard toolbar
[2014/03/14 19:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\AVG2014
[2012/07/23 23:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\Babylon
[2013/12/05 01:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\De Marchi
[2014/02/22 23:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\ElevatedDiagnostics
[2012/09/12 00:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\FarStone
[2014/06/05 15:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\Free Download Manager
[2013/02/24 00:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\FreshDiagnose
[2011/07/01 00:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\FrostWire
[2013/07/18 17:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\funkitron
[2012/10/02 02:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\imeshtoolbar2
[2014/03/02 12:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\MPC-HC
[2006/01/08 14:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\MSNInstaller
[2007/05/29 21:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\Netscape
[2012/06/19 20:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\OpenCandy
[2009/11/27 00:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\Opera
[2014/04/17 01:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\OTB_util
[2013/01/08 21:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\pokerth
[2012/10/02 02:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\searchresultstb
[2011/03/31 14:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\Tific
[2013/10/12 03:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\TS3Client
[2013/03/28 00:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\TuneUp Software
[2014/03/03 19:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\YourFileDownloader
[2013/12/26 02:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nancy Langston\Application Data\{A88DE8D3-9C38-4F0D-8981-A4C17F7677A1}
[2012/11/18 23:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\041890C4AF0DD1A3000004188CB3D95A
[2012/10/02 02:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1637A
[2014/04/08 00:25:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2014/03/20 03:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/12/17 01:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/03/14 18:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2014/03/14 19:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2014/03/23 12:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2012/07/23 23:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2013/03/28 00:00:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2014/04/13 17:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
[2013/01/18 01:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Download Manager
[2014/06/17 22:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/10/02 02:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh
[2013/11/10 03:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2006/08/11 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2014/06/19 10:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2006/02/14 00:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2011/10/30 01:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetZero
[2012/09/14 02:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2012/06/29 22:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2006/01/03 15:56:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2014/03/20 03:44:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/03/20 03:44:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3002E08A-4925-4821-8D06-D5FC4EBFF034}
[2014/06/21 15:39:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2014/06/20 18:08:53 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{37B74C27-72C0-470F-BC3D-810F55BB4292}.job

========== Purity Check ==========


< End of report >


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP